From 6bc699f99c5c9f4764362756979f5a77cacfd112 Mon Sep 17 00:00:00 2001
From: mag
Date: Mon, 1 Dec 2025 11:50:28 +0100
Subject: [PATCH] Upload files to "tasks"
---
tasks/Debian.yml | 139 ++++++++++++++++++
tasks/Linux-files.yml | 136 ++++++++++++++++++
tasks/Linux.yml | 318 ++++++++++++++++++++++++++++++++++++++++++
tasks/RedHat.yml | 11 ++
tasks/main.yml | 83 +++++++++++
5 files changed, 687 insertions(+)
create mode 100644 tasks/Debian.yml
create mode 100644 tasks/Linux-files.yml
create mode 100644 tasks/Linux.yml
create mode 100644 tasks/RedHat.yml
create mode 100644 tasks/main.yml
diff --git a/tasks/Debian.yml b/tasks/Debian.yml
new file mode 100644
index 0000000..1431d32
--- /dev/null
+++ b/tasks/Debian.yml
@@ -0,0 +1,139 @@ +--- +# ============================================================================ +# Package Installation Tasks +# ============================================================================ + +- name: "{{ ansible_os_family }} Derivatives: Install host-specific {{ checkmk_agent_edition | upper }} Agent." + become: true + ansible.builtin.apt: + deb: "{{ __checkmk_agent_agent.file.host }}" + force: "{{ checkmk_agent_force_install | bool }}" + state: present + when: | + checkmk_agent_edition | lower != "cre" + and checkmk_agent_host_specific | bool + failed_when: false # Ignore if a newer version is already installed + tags: + - install-package + +- name: "{{ ansible_os_family }} Derivatives: Install GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent." + become: true + ansible.builtin.apt: + deb: "{{ __checkmk_agent_agent.file.cee }}" + force: "{{ checkmk_agent_force_install | bool }}" + state: present + when: | + checkmk_agent_edition | lower != "cre" + and not checkmk_agent_host_specific | bool + failed_when: false # Ignore if a newer version is already installed + tags: + - install-package + +- name: "{{ ansible_os_family }} Derivatives: Transfer Vanilla agent." + ansible.builtin.copy: + src: "{{ __checkmk_agent_agent.file.cre }}" + dest: "{{ __checkmk_agent_agent.file.cre }}" + mode: "0644" + when: | + checkmk_agent_edition | lower == "cre" + and checkmk_agent_delegate_download != inventory_hostname + tags: + - download-package + +- name: "{{ ansible_os_family }} Derivatives: Install Vanilla agent." 
+ become: true + ansible.builtin.apt: + deb: "{{ __checkmk_agent_agent.file.cre }}" + force: "{{ checkmk_agent_force_install | bool }}" + state: present + when: checkmk_agent_edition | lower == "cre" + failed_when: false # Ignore if a newer version is already installed + tags: + - install-package + +# ============================================================================ +# Firewall Configuration Tasks +# ============================================================================ +# These tasks only run if UFW is installed, enabled in config, AND already active. +# We don't want to accidentally enable UFW if it's not currently running. +# ============================================================================ + +- name: "{{ ansible_os_family }}: Check if UFW is active." + become: true + ansible.builtin.command: ufw status + register: __checkmk_agent_ufw_status + changed_when: false # Status check should never report as changed + failed_when: false # Don't fail if UFW is not installed + when: checkmk_agent_configure_firewall | bool and "ufw" in ansible_facts.services + tags: + - configure-firewall + +- name: "{{ ansible_os_family }} Configure Firewall for Agent." + # Opens port 6556/tcp for CheckMK agent communication + # Only runs if UFW is already active to avoid accidentally enabling firewall + become: true + ansible.builtin.raw: | + ufw allow 6556/tcp + ufw reload + args: + executable: /bin/bash + register: __checkmk_agent_ufw_result + changed_when: "'Skipping' not in __checkmk_agent_ufw_result.stdout" + when: | + checkmk_agent_configure_firewall | bool + and "ufw" in ansible_facts.services + and __checkmk_agent_ufw_status is defined + and 'Status: active' in __checkmk_agent_ufw_status.stdout + tags: + - configure-firewall + +- name: "{{ ansible_os_family }} Derivatives: Configure Firewall for Agent with IP restrictions." 
+ # This block adds IP-specific firewall rules for the CheckMK server + # It handles both direct IP addresses and hostnames (which get resolved via DNS) + when: | + checkmk_agent_configure_firewall | bool + and "ufw" in ansible_facts.services + and __checkmk_agent_ufw_status is defined + and 'Status: active' in __checkmk_agent_ufw_status.stdout + block: + - name: "{{ ansible_os_family }} Derivatives: Add Checkmk Server to Firewall Whitelist if it is an IP address." + # Uses regex to detect if checkmk_agent_server is already an IP (IPv4 or IPv6) + # Regex pattern matches: IPv4 (x.x.x.x) or IPv6 (xxxx:xxxx:...) + when: checkmk_agent_server | regex_search('^([0-9]{1,3}\.){3}[0-9]{1,3}$|^([0-9a-fA-F:]+:+)+[0-9a-fA-F]+$') + ansible.builtin.set_fact: + checkmk_agent_server_ips: "{{ checkmk_agent_server_ips | default([]) + [checkmk_agent_server] }}" + + - name: "{{ ansible_os_family }} Derivatives: Resolve Checkmk Server hostname to IPs if it's not an IP." + # If checkmk_agent_server is a hostname (e.g., monitoring.gc-gruppe.net), + # resolve it to IP address(es) via getent (standard Linux tool, no extra dependencies) + # This ensures firewall rules work even when using hostnames + when: not (checkmk_agent_server | regex_search('^([0-9]{1,3}\.){3}[0-9]{1,3}$|^([0-9a-fA-F:]+:+)+[0-9a-fA-F]+$')) + become: true + ansible.builtin.shell: "getent hosts {{ checkmk_agent_server }} | awk '{ print $1 }' | head -n1" + register: __checkmk_agent_server_resolved + changed_when: false + + - name: "{{ ansible_os_family }} Derivatives: Set resolved IP as fact." + # Store the resolved IP address for use in firewall rules + when: + - __checkmk_agent_server_resolved is defined + - __checkmk_agent_server_resolved.stdout | length > 0 + ansible.builtin.set_fact: + checkmk_agent_server_ips: "{{ checkmk_agent_server_ips | default([]) + [__checkmk_agent_server_resolved.stdout] }}" + + - name: "{{ ansible_os_family }} Derivatives: Allow Checkmk services access to the agent." 
+ # Creates UFW rules allowing each CheckMK server IP to connect to port 6556 + # Loops through all resolved/provided IPs and adds individual rules + # Each rule gets a comment for easy identification in 'ufw status' + when: checkmk_agent_server_ips is defined and checkmk_agent_server_ips | length > 0 + become: true + ansible.builtin.raw: | + ufw allow from {{ item }} to any port 6556 proto tcp comment 'Allow Checkmk' + ufw reload + args: + executable: /bin/bash + loop: "{{ checkmk_agent_server_ips }}" + register: __checkmk_agent_ufw_rich_result + changed_when: "'Skipping' not in __checkmk_agent_ufw_rich_result.stdout" + tags: + - configure-firewall \ No newline at end of file diff --git a/tasks/Linux-files.yml b/tasks/Linux-files.yml new file mode 100644 index 0000000..cdaa06b --- /dev/null +++ b/tasks/Linux-files.yml 
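Review bot: The "Configure Firewall for Agent" task runs `ufw allow 6556/tcp` with no source restriction, so the per-IP rules added by the later block restrict nothing: the agent port is already open to every address. If the whitelist is the intent, drop the open rule (or run it only when no server address is configured) and keep only `ufw allow from {{ item }} to any port 6556 proto tcp comment 'Allow Checkmk'`. In the resolver task `checkmk_agent_server` is interpolated unquoted into a shell run with `become: true`; write `getent hosts {{ checkmk_agent_server | quote }}`. Separately, `failed_when: false` on the three apt tasks hides every install failure, not only the "newer version already installed" case the inline comment names.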
@@ -0,0 +1,136 @@ +--- +- name: "{{ ansible_system }}: Download Vanilla {{ checkmk_agent_edition | upper }} agent." + ansible.builtin.get_url: + url: "{{ __checkmk_agent_agent.url.cre }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ __checkmk_agent_agent.file.cre }}" + mode: '0644' + timeout: "{{ checkmk_agent_download_timeout | default(omit) }}" + when: checkmk_agent_edition | lower == "cre" + register: __checkmk_agent_vanilla_download_state + retries: 3 + delay: 10 + until: "not __checkmk_agent_vanilla_download_state.failed | bool" + delegate_to: "{{ checkmk_agent_delegate_download }}" + tags: + - download-package + +- name: "{{ ansible_system }}: Download host-specific {{ checkmk_agent_edition | upper }} Agent." + ansible.builtin.uri: + url: + "{{ __checkmk_agent_agent.url.cee }}?\ + host_name={{ checkmk_agent_host_name }}&\ + os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\ + agent_type=host_name" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ __checkmk_agent_agent.file.host }}" + method: GET + headers: + Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}" + Accept: "application/octet-stream" + timeout: "{{ checkmk_agent_download_timeout | default(omit) }}" + when: | + checkmk_agent_edition | lower != "cre" + become: false + register: __checkmk_agent_host_download_state + # This task may fail, as we fall back to the generic agent in that case + failed_when: 'false' + changed_when: __checkmk_agent_host_download_state.status is defined and __checkmk_agent_host_download_state.status == 200 + delegate_to: "{{ checkmk_agent_delegate_download }}" + tags: + - download-package + +- name: "{{ ansible_system }}: Set Fact: Agent State: host-specific." 
+ ansible.builtin.set_fact: + checkmk_agent_host_specific: >- + {{ (__checkmk_agent_host_download_state.status is defined and __checkmk_agent_host_download_state.status == 200) | bool }} + tags: + - download-package + +- name: "{{ ansible_system }}: Download folder-specific {{ checkmk_agent_edition | upper }} Agent." + ansible.builtin.uri: + url: + "{{ __checkmk_agent_agent.url.cee }}?\ + os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\ + folder_name={{ checkmk_agent_folder }}&\ + agent_type=generic" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ __checkmk_agent_agent.file.cee }}" + method: GET + headers: + Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}" + Accept: "application/octet-stream" + timeout: "{{ checkmk_agent_download_timeout | default(omit) }}" + become: false + register: __checkmk_agent_folder_download_state + when: | + checkmk_agent_edition | lower != "cre" + and checkmk_agent_folder is defined + and not checkmk_agent_host_specific | bool + retries: 3 + failed_when: 'false' + changed_when: __checkmk_agent_folder_download_state.status is defined and __checkmk_agent_folder_download_state.status == 200 + delegate_to: "{{ checkmk_agent_delegate_download }}" + tags: + - download-package + +- name: "{{ ansible_system }}: Set Fact: Agent State: folder-specific." + ansible.builtin.set_fact: + checkmk_agent_folder_specific: >- + {{ (__checkmk_agent_folder_download_state.status is defined and __checkmk_agent_folder_download_state.status == 200) | bool }} + tags: + - download-package + +- name: "{{ ansible_system }}: Download GENERIC {{ checkmk_agent_edition | upper }} Agent." 
+ shell: | + curl -H "Accept: application/octet-stream" \ + -H "Authorization: Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}" \ + {% if not checkmk_agent_server_validate_certs | bool %}--insecure{% endif %} \ + {% if checkmk_agent_download_timeout is defined %}--max-time {{ checkmk_agent_download_timeout }}{% endif %} \ + -o "{{ __checkmk_agent_agent.file.cee }}" \ + "{{ __checkmk_agent_agent.url.cee }}?os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&agent_type=generic" + args: + creates: "{{ __checkmk_agent_agent.file.cee }}" + become: false + when: | + checkmk_agent_edition | lower != "cre" + and not (checkmk_agent_host_specific | bool or checkmk_agent_folder_specific | bool) + retries: 3 + delegate_to: "{{ checkmk_agent_delegate_download }}" + tags: + - download-package + +- name: "{{ ansible_system }}: Transfer host-specific {{ checkmk_agent_edition | upper }} Agent." + ansible.builtin.copy: + src: "{{ __checkmk_agent_agent.file.host }}" + dest: "{{ __checkmk_agent_agent.file.host }}" + mode: "0644" + when: | + checkmk_agent_edition | lower != "cre" + and checkmk_agent_host_specific | bool + and checkmk_agent_delegate_download != inventory_hostname + tags: + - download-package + +- name: "{{ ansible_system }}: Transfer GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent." + ansible.builtin.copy: + src: "{{ __checkmk_agent_agent.file.cee }}" + dest: "{{ __checkmk_agent_agent.file.cee }}" + mode: "0644" + when: | + checkmk_agent_edition | lower != "cre" + and not checkmk_agent_host_specific | bool + and checkmk_agent_delegate_download != inventory_hostname + tags: + - download-package + +- name: "{{ ansible_system }}: Transfer Vanilla {{ checkmk_agent_edition | upper }} Agent." 
+ ansible.builtin.copy: + src: "{{ __checkmk_agent_agent.file.cre }}" + dest: "{{ __checkmk_agent_agent.file.cre }}" + mode: "0644" + when: | + checkmk_agent_edition | lower == "cre" + and checkmk_agent_delegate_download != inventory_hostname + tags: + - download-package \ No newline at end of file diff --git a/tasks/Linux.yml b/tasks/Linux.yml new file mode 100644 index 0000000..4e77c1e --- /dev/null +++ b/tasks/Linux.yml 
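Review bot: The GENERIC download task passes the automation secret on a `curl` command line through `shell:` with no `no_log`, so the bearer value is visible in the process list on the delegate host and in Ansible's task output; the sibling host-specific and folder-specific tasks already use `ansible.builtin.uri`. curl is also called without `--fail`, so an HTTP error body would be saved under the package path and `creates:` would then skip any later re-download. I would rewrite the task on `ansible.builtin.uri` with `no_log` and a status check, as below (the register name is a suggestion). The package is later installed as root with no checksum, so a false `checkmk_agent_server_validate_certs` leaves it unauthenticated; a comment beside `validate_certs` should say so.

```yaml
- name: "{{ ansible_system }}: Download GENERIC {{ checkmk_agent_edition | upper }} Agent."
  ansible.builtin.uri:
    url:
      "{{ __checkmk_agent_agent.url.cee }}?\
      os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\
      agent_type=generic"
    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
    dest: "{{ __checkmk_agent_agent.file.cee }}"
    method: GET
    headers:
      Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"
      Accept: "application/octet-stream"
    timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
  no_log: "{{ checkmk_agent_no_log | bool }}"
  register: __checkmk_agent_generic_download_state
  retries: 3
  until: __checkmk_agent_generic_download_state.status | default(0) == 200
  # … unchanged: become, when, delegate_to, tags …
```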
@@ -0,0 +1,318 @@ +--- +- name: "{{ ansible_system }}: Get installed packages using native commands (RedHat)." + become: true + ansible.builtin.shell: rpm -qa --qf '%{NAME}\n' + register: __checkmk_agent_rpm_packages + changed_when: false + when: ansible_os_family == "RedHat" + no_log: true + tags: + - get-package-facts + +- name: "{{ ansible_system }}: Get installed packages using native commands (Debian)." + become: true + ansible.builtin.shell: dpkg-query -W -f='${Package}\n' + register: __checkmk_agent_deb_packages + changed_when: false + when: ansible_os_family == "Debian" + no_log: true + tags: + - get-package-facts + +- name: "{{ ansible_system }}: Create simple package list from RPM output." + ansible.builtin.set_fact: + __checkmk_agent_installed_packages: "{{ __checkmk_agent_rpm_packages.stdout_lines }}" + when: ansible_os_family == "RedHat" and __checkmk_agent_rpm_packages is defined + tags: + - get-package-facts + +- name: "{{ ansible_system }}: Create simple package list from DEB output." + ansible.builtin.set_fact: + __checkmk_agent_installed_packages: "{{ __checkmk_agent_deb_packages.stdout_lines }}" + when: ansible_os_family == "Debian" and __checkmk_agent_deb_packages is defined + tags: + - get-package-facts + +- name: "{{ ansible_system }}: Populate service facts." + ansible.builtin.service_facts: + +- name: "{{ ansible_system }}: Check if systemd version requires xinetd." + become: true + ansible.builtin.shell: | + if command -v rpm >/dev/null 2>&1; then + rpm -q systemd --qf '%{VERSION}\n' | head -n1 + elif command -v dpkg-query >/dev/null 2>&1; then + dpkg-query -W -f='${Version}\n' systemd | cut -d- -f1 + else + systemctl --version | head -n1 | awk '{print $2}' + fi + register: __checkmk_agent_systemd_version + changed_when: false + failed_when: false + when: checkmk_agent_prep_legacy | bool + tags: + - check-systemd + +- name: "{{ ansible_system }}: Run Legacy agent tasks." 
+ block: + - name: "{{ ansible_system }}: Install xinetd" + become: true + ansible.builtin.package: + name: xinetd + state: present + tags: + - install-package + - install-prerequisites + + - name: "{{ ansible_system }}: Enable xinetd" + become: true + ansible.builtin.service: + name: xinetd + state: started + enabled: true + tags: + - enable-xinetd + when: | + checkmk_agent_prep_legacy | bool + and __checkmk_agent_systemd_version is defined + and __checkmk_agent_systemd_version.stdout is defined + and __checkmk_agent_systemd_version.stdout | int < 220 + +- name: "{{ ansible_system }}: Download Vanilla agent." + ansible.builtin.get_url: + url: "{{ __checkmk_agent_agent.url.cre }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ __checkmk_agent_agent.file.cre }}" + mode: '0640' + timeout: "{{ checkmk_agent_download_timeout | default(omit) }}" + when: checkmk_agent_edition | lower == "cre" + register: __checkmk_agent_download_state + retries: 3 + delay: 10 + until: "not __checkmk_agent_download_state.failed | bool" + delegate_to: "{{ checkmk_agent_delegate_download }}" + tags: + - download-package + +- name: "{{ ansible_os_family }}: Run OS Family specific tasks." + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + tags: + - include-os-family-tasks + +- name: "{{ ansible_system }}: Create host on server." 
+ checkmk.general.host: + server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/" + site: "{{ checkmk_agent_site }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + automation_user: "{{ checkmk_agent_user }}" + automation_secret: "{{ __checkmk_agent_auth }}" + folder: "{{ checkmk_agent_folder | default(omit) }}" + name: "{{ checkmk_agent_host_name }}" + attributes: "{{ checkmk_agent_host_attributes }}" + state: "present" + become: false + register: __checkmk_agent_create_result + failed_when: | + (__checkmk_agent_create_result.failed == true) and + ("The host is already part of the specified target folder" not in __checkmk_agent_create_result.msg) + delegate_to: "{{ checkmk_agent_delegate_api_calls }}" + when: checkmk_agent_add_host | bool + notify: "Activate changes" + +# ============================================================ +# HIER IST DIE ÄNDERUNG! Diese Zeile wurde geändert: +# VORHER: when: __checkmk_agent_create_result.changed | bool +# JETZT: when: checkmk_agent_add_host | bool +# ============================================================ +- name: "Ensure registration readyness." # noqa no-handler + when: checkmk_agent_add_host | bool + block: + - name: "Trigger activation of changes." + ansible.builtin.meta: flush_handlers + +- name: "{{ ansible_system }}: Check for Agent Updater Binary." + ansible.builtin.stat: + path: /usr/bin/cmk-update-agent + register: __checkmk_agent_updater_binary + +- name: "{{ ansible_system }}: Check for Agent Controller Binary." + ansible.builtin.stat: + path: /usr/bin/cmk-agent-ctl + register: __checkmk_agent_controller_binary + +- name: "{{ ansible_system }}: Override binary checks for unsupported architectures." 
+ ansible.builtin.set_fact: + __checkmk_agent_updater_binary: + stat: + exists: false + __checkmk_agent_controller_binary: + stat: + exists: false + when: ansible_architecture not in ['x86_64', 'aarch64'] + +- name: "{{ ansible_system }}: Read Updater State." + become: true + ansible.builtin.command: cat /var/lib/check_mk_agent/cache/plugins_cmk-update-agent.cache + register: __checkmk_agent_updater_state + changed_when: false + failed_when: | + not __checkmk_agent_updater_state.rc == 0 + and not __checkmk_agent_updater_state.rc == 1 + +- name: "{{ ansible_system }}: Read Agent Controller State." + become: true + ansible.builtin.command: cat /var/lib/cmk-agent/registered_connections.json + register: __checkmk_agent_registered_connections + changed_when: false + failed_when: | + not __checkmk_agent_registered_connections.rc == 0 + and not __checkmk_agent_registered_connections.rc == 1 + +- name: "{{ ansible_system }}: Register Agent for automatic Updates using User Password." + become: true + ansible.builtin.shell: | + cmk-update-agent register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_registration_server_protocol }} \ + -U {{ checkmk_agent_user }} -P {{ __checkmk_agent_auth | ansible.builtin.quote }} + no_log: "{{ checkmk_agent_no_log | bool }}" + register: __checkmk_agent_update_state + when: | + checkmk_agent_edition | lower != "cre" + and __checkmk_agent_updater_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_pass is defined and checkmk_agent_pass | length) + and (checkmk_agent_secret is not defined) + and not ( + (checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_updater_state.stdout) + and ('"error": null' in __checkmk_agent_updater_state.stdout) + ) + changed_when: "'Successfully registered agent of host' in __checkmk_agent_update_state.stderr" + +- name: "{{ ansible_system }}: Register 
Agent for automatic Updates using Automation Secret." + become: true + ansible.builtin.shell: | + cmk-update-agent register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_registration_server_protocol }} \ + -U {{ checkmk_agent_user }} -S {{ __checkmk_agent_auth | ansible.builtin.quote }} + no_log: "{{ checkmk_agent_no_log | bool }}" + register: __checkmk_agent_update_state + when: | + checkmk_agent_edition | lower != "cre" + and __checkmk_agent_updater_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_secret is defined and checkmk_agent_secret | length) + and not ( + (checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_updater_state.stdout) + and ('"error": null' in __checkmk_agent_updater_state.stdout) + ) + changed_when: "'Successfully registered agent of host' in __checkmk_agent_update_state.stderr" + +- name: "{{ ansible_system }}: Register Agent for TLS directly." + become: true + ansible.builtin.shell: | + cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} \ + -U {{ checkmk_agent_user }} -P {{ __checkmk_agent_auth }} --trust-cert + no_log: "{{ checkmk_agent_no_log | bool }}" + register: __checkmk_agent_tls_state + retries: 3 + delay: 5 + until: __checkmk_agent_tls_state.rc == 0 + failed_when: false + when: | + __checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + changed_when: "'Registration complete' in __checkmk_agent_tls_state.stdout" + +- name: "{{ ansible_system }}: Log registration failure details." 
+ ansible.builtin.debug: + msg: | + ======================================== + REGISTRATION FAILED AFTER 3 RETRIES + ======================================== + Host: {{ checkmk_agent_host_name }} + Server: {{ checkmk_agent_registration_server }} + Site: {{ checkmk_agent_registration_site }} + + Return Code: {{ __checkmk_agent_tls_state.rc | default('N/A') }} + + STDOUT: + {{ __checkmk_agent_tls_state.stdout | default('No output') }} + + STDERR: + {{ __checkmk_agent_tls_state.stderr | default('No errors') }} + + Possible causes: + - Agent receiver service not running on monitoring server + - Network connectivity issues (firewall, routing) + - Authentication failed (check username/password) + - Host not created in CheckMK yet + - TLS certificate issues + - Timing issue (agent controller not fully started) + + Troubleshooting steps: + 1. Check agent receiver logs on monitoring server + 2. Verify host exists in CheckMK: Setup -> Hosts + 3. Test connection: curl -k https://{{ checkmk_agent_registration_server }}:8000/{{ checkmk_agent_registration_site }}/agent-receiver/register_existing + 4. Check cmk-agent-ctl status on this host + ======================================== + when: | + __checkmk_agent_tls_state is defined + and __checkmk_agent_tls_state.rc is defined + and __checkmk_agent_tls_state.rc != 0 + +- name: "{{ ansible_system }}: Create temporary proxy-register file." 
+ become: true + ansible.builtin.copy: + dest: "{{ __checkmk_agent_host_tmp_dir }}/checkmk-import" + mode: u=r,g=,o= + owner: cmk-agent + group: cmk-agent + content: "{{ __checkmk_agent_proxy_registration_state.stdout }}" + no_log: "{{ checkmk_agent_no_log | bool }}" + when: | + __checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + and checkmk_agent_delegate_registration | bool + and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length) + and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout + and __checkmk_agent_proxy_registration_state is defined + +- name: "{{ ansible_system }}: Import proxy-register file." + become: true + ansible.builtin.command: "cmk-agent-ctl import {{ __checkmk_agent_host_tmp_dir }}/checkmk-import" + no_log: "{{ checkmk_agent_no_log | bool }}" + register: __checkmk_agent_import_result + when: | + __checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + and checkmk_agent_delegate_registration | bool + and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length) + and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout + and __checkmk_agent_proxy_registration_state is defined + changed_when: __checkmk_agent_import_result.rc == 0 + +- name: "{{ ansible_system }}: Clean-up proxy-register temporary file." 
+ become: true + ansible.builtin.file: + path: "{{ __checkmk_agent_host_tmp_dir }}/checkmk-import" + state: absent + no_log: "{{ checkmk_agent_no_log | bool }}" + when: | + __checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + and checkmk_agent_delegate_registration | bool + and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length) + and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout + and __checkmk_agent_proxy_registration_state is defined + +- name: "{{ ansible_system }}: Verify Checkmk Agent Port is open." + ansible.builtin.wait_for: + port: "{{ checkmk_agent_port }}" + timeout: 60 + when: checkmk_agent_mode == 'pull' + +- name: "{{ ansible_system }}: Initial push of data for push agent" # noqa no-changed-when + become: true + ansible.builtin.command: cmk-agent-ctl push + when: checkmk_agent_mode == 'push' \ No newline at end of file diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml new file mode 100644 index 0000000..25b2290 --- /dev/null +++ b/tasks/RedHat.yml @@ -0,0 +1,11 @@ +--- +__checkmk_agent_host_tmp_dir: "/tmp" + +__checkmk_agent_agent: + url: + cre: "{{ __checkmk_agent_site_url }}/check_mk/agents/check-mk-agent-{{ checkmk_agent_version }}-1.noarch.rpm" + cee: "{{ __checkmk_agent_site_url }}/check_mk/api/1.0/domain-types/agent/actions/download_by_host/invoke" + file: + cre: "{{ __checkmk_agent_host_tmp_dir }}/check-mk-agent-{{ checkmk_agent_version }}-1.noarch-vanilla.rpm" + cee: "{{ __checkmk_agent_host_tmp_dir }}/check-mk-agent-{{ checkmk_agent_version }}-1.noarch-generic.rpm" + host: "{{ __checkmk_agent_host_tmp_dir }}/check-mk-agent-{{ checkmk_agent_version }}-1.noarch-{{ inventory_hostname }}.rpm" diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..de32dbf --- /dev/null +++ b/tasks/main.yml 
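Review bot: In "Register Agent for TLS directly" the secret is interpolated unquoted into a root shell (`-P {{ __checkmk_agent_auth }}`), while the two updater tasks above it use `| ansible.builtin.quote`; a secret containing spaces or shell metacharacters breaks or alters the command. Use `-U {{ checkmk_agent_user | ansible.builtin.quote }} -P {{ __checkmk_agent_auth | ansible.builtin.quote }} --trust-cert` and quote the host, server and site arguments the same way. The same task sets `failed_when: false`, so a failed registration only produces the debug message and the play still reports success; consider failing explicitly once the retries are exhausted. `--trust-cert` accepts whatever certificate the server presents and the debug text recommends `curl -k`, so the first contact is unauthenticated; a comment stating that this is trust-on-first-use would help.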
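Review bot: tasks/RedHat.yml holds variable definitions rather than a task list, yet tasks/Linux.yml loads `{{ ansible_os_family }}.yml` with `include_tasks`, which would presumably fail on RedHat hosts; the `include_vars` call in main.yml suggests this content belongs under vars/ (not visible in this patch). `__checkmk_agent_host_tmp_dir: "/tmp"` also puts the package at a predictable path in a world-writable directory, and the file is later installed with `become: true`; the GENERIC download's `creates:` would accept a file that already exists there. A private directory, for example one created with `ansible.builtin.tempfile` and `state: directory`, or a root-owned path with mode `0700`, would close that gap.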
@@ -0,0 +1,83 @@ +--- +- name: "Preflight - Fail if Checkmk Edition is incorrect." + ansible.builtin.fail: + msg: "The provided Checkmk Edition '{{ checkmk_agent_edition }}' does not exist or is not supported by this role." + when: checkmk_agent_edition | lower not in __checkmk_agent_edition_mapping + +- name: "{{ ansible_os_family }}: Include OS family specific variables." + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" + tags: + - include-os-family-vars + +- name: "{{ ansible_system }}: Include File Management." + ansible.builtin.include_tasks: "{{ ansible_system }}-files.yml" + tags: + - include-system-tasks + - download-package + +- name: "{{ ansible_system }}: Include OS specific tasks." + ansible.builtin.include_tasks: "{{ ansible_system }}.yml" + tags: + - include-system-tasks + +- name: "Activate pending CheckMK configuration changes before discovery." + become: false + checkmk.general.activation: + server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/" + site: "{{ checkmk_agent_site }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + automation_user: "{{ checkmk_agent_user }}" + automation_secret: "{{ __checkmk_agent_auth }}" + force_foreign_changes: true + sites: + - "{{ checkmk_agent_site }}" + delegate_to: "{{ checkmk_agent_delegate_api_calls }}" + run_once: true + when: checkmk_agent_discover | bool + register: __checkmk_agent_activation + ignore_errors: true + +- name: "Wait for activation to complete." + ansible.builtin.pause: + seconds: "{{ checkmk_agent_activation_wait_seconds | default(60) }}" + run_once: true + when: + - checkmk_agent_discover | bool + - __checkmk_agent_activation is changed + +- name: "Fetch fresh monitoring data from host." 
+ become: false + checkmk.general.discovery: + server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/" + site: "{{ checkmk_agent_site }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + automation_user: "{{ checkmk_agent_user }}" + automation_secret: "{{ __checkmk_agent_auth }}" + host_name: "{{ checkmk_agent_host_name }}" + state: "refresh" + throttle: "{{ checkmk_agent_discover_max_parallel_tasks }}" + delegate_to: "{{ checkmk_agent_delegate_api_calls }}" + when: checkmk_agent_discover | bool + register: __checkmk_agent_refresh_state + retries: 3 + delay: 10 + until: "__checkmk_agent_refresh_state.changed | bool" + +- name: "Update monitored services and labels on host." + become: false + checkmk.general.discovery: + server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/" + site: "{{ checkmk_agent_site }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + automation_user: "{{ checkmk_agent_user }}" + automation_secret: "{{ __checkmk_agent_auth }}" + host_name: "{{ checkmk_agent_host_name }}" + state: "tabula_rasa" + throttle: "{{ checkmk_agent_discover_max_parallel_tasks }}" + delegate_to: "{{ checkmk_agent_delegate_api_calls }}" + when: checkmk_agent_discover | bool + register: __checkmk_agent_discovery_state + retries: 3 + delay: 10 + until: "__checkmk_agent_discovery_state.changed | bool" + notify: "Activate changes" \ No newline at end of file
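Review bot: The activation task hard-codes `force_foreign_changes: true` together with `ignore_errors: true`, so every run with discovery enabled activates pending changes made by other users on the site and then ignores the outcome, including authentication or API errors. I would default this off, e.g. `force_foreign_changes: "{{ checkmk_agent_force_foreign_changes | default(false) | bool }}"` (the variable name is a suggestion if the role does not already define one), and drop `ignore_errors: true`. The final discovery task uses `state: "tabula_rasa"`, which replaces the host's existing service configuration on every run; a comment confirming that this is intended would help the next maintainer.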